PT-2019-14044 · Valve · Steam Client
Published
2019-08-21
·
Updated
2020-08-24
·
CVE-2019-15315
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Valve Steam Client for Windows versions prior to 2019-08-16
Description
The issue allows local users to escalate privileges to NT AUTHORITYSYSTEM. This is possible because local users can replace the current versions of SteamService.exe and SteamService.dll with older versions that lack a specific security patch.
Recommendations
For versions prior to 2019-08-16, update to a version that includes the necessary security patch to prevent privilege escalation.
Fix
Incorrect Permission
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Steam Client